-1. [Add the Microsoft Purview Information Protection Sync Service service principal](#step-2-add-the-microsoft-purview-information-protection-sync-service-service-principal).

-### Step 2: Add the Microsoft Purview Information Protection Sync Service service principal

-The **Microsoft Purview Information Protection Sync Service** service principal is not available in Azure China tenants by default, and is required for Azure Information Protection. Create this service principal manually via the Azure Az PowerShell module.

-1. Create the **Microsoft Purview Information Protection Sync Service** service principal manually using the [New-AzADServicePrincipal](/powershell/module/az.resources/new-azadserviceprincipal) cmdlet and the `870c4f2e-85b6-4d43-bdda-6ed9a579b725` application ID for the Microsoft Purview Information Protection Sync Service:

-As part of a layered defense to detect and remediate inappropriate messages in your organization, you can supplement communication compliance policies with user-reported messages in Microsoft Teams. This feature empowers users in your organization to self-report inappropriate internal chat messages, such as harassing or threatening language, sharing of adult content, and sharing of sensitive or confidential information, to help foster a safe and compliant work environment.

-Enabled by default in the [Teams admin center](/microsoftteams/manage-teams-in-modern-portal), the *Report a concern* option in Teams messages allows users in your organization to submit inappropriate internal chat messages for review by communication compliance reviewers for the policy. These messages are supported by a default system policy that supports reporting messages in Teams group and private chats.

-description: "Understand how to use Microsoft Compliance Configuration Analyzer to get up and running quickly with Microsoft Purview Compliance Manager."

-# Microsoft Compliance Configuration Analyzer for Compliance Manager (preview)

-**In this article:** Learn how to install and run the Microsoft Compliance Configure Analyzer tool to get quickly started with Microsoft Compliance Manger.

-## Microsoft Compliance Configuration Analyzer (MCCA) (preview) overview

-The Microsoft Compliance Configuration Analyzer (MCCA) is a preview tool that can help you get started with [Microsoft Purview Compliance Manager](compliance-manager.md). MCCA is a PowerShell-based utility that will fetch your organization's current configurations and validate them against Microsoft 365 recommended best practices. These best practices are based on a set of controls that include key regulations and standards for data protection and data governance.

-MCCA can help you quickly see which improvement actions in Compliance Manager apply to your current Microsoft 365 environment. Each action identified by MCCA will give you recommendations for implementation, with direct links to Compliance Manager and the applicable solution to start taking corrective action.

-An additional resource for understanding MCCA is by visiting the [README instructions on GitHub](https://github.com/OfficeDev/MCCA#overview). This page provides detailed information about prerequisites and gives full installation instructions. You don't need a GitHub account to access this page.

-**Availability**: MCCA is available to all organizations with Office 365 and Microsoft 365 licenses and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.

-## Install MCCA and run a report

-You can install the MCCA tool using Windows PowerShell. Once you download and install the tool, you don't need to repeat those steps in order to run reports. Each time you open MCCA, it will ask you for your login credentials, and it will generate a new, updated report.

-### Step 2: Install MCCA

-To install MCCA, start by using PowerShell in administrator mode. Follow the steps below:

- Install-Module -Name MCCAPreview

-After you install MCCA, you can run MCCA and generate a report. To run a report:

- Get-MCCAReport

- Get-MCCAReport -ExchangeEnvironmentName O365USGovGCCHigh

-3. Once MCCA runs, it does an initial version check and ask for credentials. At the Input the user name prompt, sign in with your Microsoft 365 account email address ([view the roles eligible to create reports](#role-based-reporting)). Then enter your password at the password prompt.

-Your report will then take approximately 2-5 minutes to generate. When it's done, a browser window opens and displays your HTML report. Every time you run the tool, it will ask for your credentials and generate a new report. This report is stored locally in the directory C: \ Users \ *username* \ AppData \ Local \ Microsoft \ MCCA.

- Get-MCCAReport -Geo @(1,7)

- > The report will always include MCCA supported international sensitive information types such as SWIFT code, credit card number, etc.

-Your report will also be customized based on your role.

-The table below shows which roles have access to which sections of the report. Other roles within your organization (not listed in the table below) may not be able to run the tool, or they may run the tool and have limited access to information in the final report.

-

-Exceptions:

-1. Users won't be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.

-2. Users will be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.

-3. Users will be able to generate report for IP apart from ΓÇ£Enable Communication Compliance in O365ΓÇ¥ section.

-4. Users won't be able to generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.

-5. Users will be able generate report for IP apart from ΓÇ£Enable Auditing in Office 365ΓÇ¥ section.

-

-MCCA evaluates your current configurations against the recommended improvement actions in Compliance Manager. Any improvement action identified by the MCCA tool as needing attention will be listed in this section.

-Clicking on the Compliance Manager link takes you to a filtered view of all the improvement actions within that solution that you have not yet implemented. From there, you can see the number of points you can achieve to increase your [compliance score](compliance-score-calculation.md), and the assessments they apply to, and the applicable regulations and certifications.

-For more detailed information on installing, setting up, and using MCCA, see the [README instructions on GitHub](https://github.com/OfficeDev/MCCA#overview) (no GitHub account required).

-[Onboard Windows 10 or 11 devices using Mobile Device Management tools](device-onboarding-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on device.

-Once an device is onboarded, it should be visible in the devices list and also start reporting audit activity to Activity explorer.

-If you have onboarded devices through [Microsoft Defender for Endpoint](/windows/security/threat-protection/), those devices will automatically show up in the list of devices. You can **Turn on device monitoring** to use endpoint DLP.

-<!--USGovDoD endpoints version 2022060100-->

-<!--File generated 2022-06-01 08:00:04.9385-->

-<!--USGovGCCHigh endpoints version 2022060100-->

-<!--File generated 2022-06-01 08:00:06.2025-->

-7 | Optimize<BR>Required | Yes | `*.gov.teams.microsoft.us, *.infra.gov.skypeforbusiness.us, *.online.gov.skypeforbusiness.us, gov.teams.microsoft.us`<BR>`52.127.88.0/21, 52.238.114.160/32, 52.238.115.146/32, 52.238.117.171/32, 52.238.118.132/32, 52.247.167.192/32, 52.247.169.1/32, 52.247.172.50/32, 52.247.172.103/32, 104.212.44.0/22, 195.134.228.0/22` | **TCP:** 443, 80<BR>**UDP:** 3478, 3479, 3480, 3481

-31 | Allow<BR>Required | Yes | `*.gov.skypeforbusiness.us, *.gov.teams.microsoft.us, gov.teams.microsoft.us` | **TCP:** 443, 80

-<!--Worldwide endpoints version 2022060100-->

-<!--File generated 2022-06-01 08:00:02.7692-->

-You'll need Microsoft Intune to onboard mobile devices, such as Android and iOS/iPadOS devices. If you have [Microsoft 365 Business Premium](../../business/index.yml), you've Intune.

-## [Configure and onboard devices]()

-### [Microsoft Defender for Endpoint on Windows and Windows Server]()

-#### [Onboarding tools and methods for Windows endpoints](configure-endpoints.md)

-#### [Onboard Windows devices and Windows Servers]()

-##### [Onboard previous versions of Windows](onboard-downlevel.md)

-##### [Onboard Windows devices and Windows Servers]()

-###### [Onboard Windows Server 2012 R2, 2016, Semi-Annual Channel, 2019, and 2022](configure-server-endpoints.md)

-###### [Onboard Windows devices using a local script](configure-endpoints-script.md)

-###### [Onboard Windows devices using Group Policy](configure-endpoints-gp.md)

-###### [Onboard Windows devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)

-###### [Onboard Windows devices using Mobile Device Management tools](configure-endpoints-mdm.md)

-###### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)

-###### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](onboard-windows-multi-session-device.md)

-#### [Integration with Microsoft Defender for Cloud](azure-server-integration.md)

-#### [Onboard devices without Internet access](onboard-offline-machines.md)

-#### [Run a detection test on a newly onboarded device](run-detection-test.md)

-#### [Run simulated attacks on devices](attack-simulations.md)

-#### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)

-#### [Create an onboarding or offboarding notification rule](onboarding-notification.md)

-description: Use Mobile Device Management tools to deploy the configuration package on devices so that they are onboarded to the Defender for Endpoint service.

-# Onboard Windows devices using Mobile Device Management tools

-If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings won't be applied successfully.

-Check out the [PDF](https://download.microsoft.com/download/5/6/0/5609001f-b8ae-412f-89eb-643976f6b79c/mde-deployment-strategy.pdf) or [Visio](https://download.microsoft.com/download/5/6/0/5609001f-b8ae-412f-89eb-643976f6b79c/mde-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender for Endpoint.

-## Offboard and monitor devices using Mobile Device Management tools

-description: Onboard Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor

-keywords: Onboard Windows devices, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune

-search.product: eADQiWindows 10XVcnh

-ms.sitesec: library

-ms.pagetype: security

- - M365-security-compliance

- - m365-initiative-defender-endpoint

-# Onboarding tools and methods for Windows devices in Defender for Endpoint

-**Applies to:**

-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)

-Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.

-In general, you'll identify the Windows device you're onboarding, then follow the corresponding tool appropriate to the device or your environment.

-## Endpoint onboarding tools

-Depending on the Windows endpoint you want to onboard, use the corresponding tool or method described in the following table.

-Windows device | Onboarding tool or method

-:|:

-|<ul><li> Windows 10</li> <li>Windows Server 1803 and 2019, and 2022</li> <li>Windows Server 2012 R2 and 2016<sup>[[1](#fn1)]<sup></li></ul> | [Local script (up to 10 devices)](configure-endpoints-script.md)<br> [Group Policy](configure-endpoints-gp.md)<br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [Microsoft Endpoint Manager/ Mobile Device Management (Intune)](configure-endpoints-mdm.md)<br> [VDI scripts](configure-endpoints-vdi.md) <br><br> **NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune.

-|<ul><li> Windows Server 2008 R2 SP1 </li></ul>| [Microsoft Monitoring Agent (MMA)](onboard-downlevel.md) <br>[Onboard previous versions of Windows](onboard-downlevel.md) or [Microsoft Defender for Cloud](/azure/security-center/security-center-wdatp) <br><br> **NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent).

-|<ul><li> Windows 7 SP1 </li> <li> Windows 7 SP1 Pro </li> <li> Windows 8.1 Pro </li> <li> Windows 8.1 Enterprise</li></ul> | [Microsoft Monitoring Agent (MMA)](onboard-downlevel.md) <br><br> **NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent).

-(<a id="fn1">1</a>) Windows Server 2016 and Windows Server 2012 R2 will need to be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md#windows-server-2012-r2-and-windows-server-2016).

->[!IMPORTANT]

->In order to be eligible to purchase Microsoft Defender for Endpoint Server SKU, you must have already purchased a combined minimum of any of the following, Windows E5/A5, Microsoft 365 E5/A5 or Microsoft 365 E5 Security subscription licenses. For more information on licensing, see the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering/MicrosoftDefenderforEndpointServer/all).

-Topic|Description

-:|:

-[Onboard devices using Group Policy](configure-endpoints-gp.md)|Use Group Policy to deploy the configuration package on devices.

-[Onboard devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)|You can use either use Microsoft Endpoint Manager (current branch) version 1606 or Microsoft Endpoint Manager (current branch) version 1602 or earlier to deploy the configuration package on devices.

-[Onboard devices using Mobile Device Management tools](configure-endpoints-mdm.md)|Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on device.

-[Onboard devices using a local script](configure-endpoints-script.md)|Learn how to use the local script to deploy the configuration package on endpoints.

-[Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)|Learn how to use the configuration package to configure VDI devices.

-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configureendpoints-belowfoldlink)

-After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md).

-If you intend to use a third-party antimalware solution, you'll need to run Microsoft Defender Antivirus in passive mode. You must remember to set to passive mode during the installation and onboarding process.

- > If you are running a non-Microsoft antimalware solution ensure you add exclusions for Microsoft Defender Antivirus ([from this list of Microsoft Defender Processes on the Defender Processes tab](https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commercial.xlsx)) to the non-Microsoft solution before installation. It is also recommended to add non-Microsoft security solutions to the Defender Antivirus exclusion list.

-By default, data is retained for 180 days; however, you can specify the data retention policy for your data. This determines how long Window Defender for Endpoint will store your data. There's a flexibility of choosing in the range of one month to six months to meet your company's regulatory compliance needs.

-> [!TIP]

-> You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.

-> [!NOTE]

-> The Defender for Endpoint demo site at demo.wd.microsoft.com is deprecated and will be removed in the future.

-&ensp;Release version: **30.122042.16880.0**<br/>

-**Managed by** </br> | Managed by indicates how the device is being managed. You can filter by:</br>- Microsoft Defender for Endpoint </br> - Mobile device management (MDM) </br>- Unknown: This could be due the running an outdated Windows version, SCCM being in place, or another third party MDM.</br></br> (_Computers and mobile only_)

-Network protection requires Windows 10 or 11 (Pro or Enterprise), or Windows Server version 1803 or later, and Microsoft Defender Antivirus real-time protection.

-Here's an another example:

-In general, to onboard devices to the service:

-| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Integration with Microsoft Defender for Cloud](configure-server-endpoints.md#integration-with-microsoft-defender-for-cloud) |

-| **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)|

-| **iOS** | [Microsoft Endpoint Manager](ios-install.md) |

-**Step 1: Download the corresponding udpate for your endpoint.**

-@echo off

-cd "C:"

-IF EXIST "C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" (

-exit

-) ELSE (

-wusa.exe C:\Windows\MMA\Windows6.1-KB3080149-x64.msu /quiet /norestart

-wusa.exe C:\Windows\MMA\Windows6.1-KB4074598-x64.msu /quiet /norestart

-wusa.exe C:\Windows\MMA\Windows6.1-KB3154518-x64.msu /quiet /norestart

-wusa.exe C:\Windows\MMA\Windows8.1-KB3080149-x64.msu /quiet /norestart

-"c:\windows\MMA\MMASetup-AMD64.exe" /c /t: "C:\Windows\MMA"c:\windows\MMA\ setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1

-OPINSIGHTS_WORKSPACE_ID="<your workspace ID>"

-OPINSIGHTS_WORKSPACE_KEY="<your workspace key>" AcceptEndUserLicenseAgreement=1

-)

-)

-Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.

- > The current SHA256 hash of 'XMDEClientAnalyzer.zip' that is downloaded from the above link is: 'AFD674A149F139E80F1AE90E36814DAAC08AAD9E8B0DA20CB1D3FA33B9D0D1AD'.

-> - The mode change will apply immediately. You don't need to change the feature flag nor restart Microsoft Defender for Endpoint.

-1. System Integrity Protection (SIP) enabled. For more information, see [Disabling and Enabling System Integrity Protection](https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection).

-1. Use a Mobile device management (MDM) tool to configure Microsoft Defender for Endpoint.

-Verify that "tamper_protection" is set to "disabled".

-2. Scroll down to the TVM advanced hunting schemas to familiarize yourself with the column names.

-| `IsRootSignerMicrosoft` | `boolean` | Indicates whether the signer of the root certificate is Microsoft |

-Using the Microsoft 365 Defender Add-on for Splunk that supports:

-For more information on the Microsoft 365 Defender Add-on for Splunk, see [splunkbase](https://splunkbase.splunk.com/app/4959/).

-The SmartConnector replaces the previous FlexConnector for Microsoft Defender for Endpoint.

-Use the Splunk Add-on for Microsoft Cloud Services to ingest events from Azure Event Hubs.

-For more information on the Splunk Add-on for Microsoft Cloud Services, see [splunkbase](https://splunkbase.splunk.com/app/3110/).

->Use the new IBM QRadar Microsoft 365 Defender Device Support Module (DSM) that calls the [Microsoft 365 Defender Streaming API](streaming-api.md) that allows ingesting streaming event data from Microsoft 365 Defender products. For more information on supported event types, see [Supported event types](supported-event-types.md).

->The following features are in preview or generally available (GA) in the latest release of Microsoft 365 Defender.

-**Applies to:** Word, Excel, and PowerPoint for Microsoft 365, Windows 10 Enterprise, Windows 11 Enterprise

-* **Office**: Office Current Channel and Monthly Enterprise Channel, Build version 2011 16.0.13530.10000 or later. Office Semi-Annual Enterprise Channel, Build version 2108 or later. Both 32-bit and 64-bit versions of Office are supported.

-To learn more about Office update channels, see [Overview of update channels for Microsoft 365](/deployoffice/overview-update-channels).

- When a third-party service or device sits in from of Microsoft 365, Enhanced Filtering for Connectors correctly identifies the source of internet messages, and greatly improves the accuracy of the Microsoft filtering stack (especially [spoof intelligence](anti-spoofing-protection.md), as well as post-breach capabilities in [Threat Explorer](threat-explorer.md) and [Automated Investigation & Response (AIR)](automated-investigation-response-office.md)).

-[Enable and manage access to Whiteboard](enable-whiteboard-access-organizations.md)

-| If you're looking for this information: | Go to this resource: |

-| If you're looking for this information: | Go to this resource: |

-|Learn how to set up and manage access to Whiteboard for your organization|[Enable and manage access to Whiteboard](enable-whiteboard-access-organizations.md)|

-| If you're looking for this information: | Go to this resource: |

-|Learn how to set up and manage access to Whiteboard for US Government GCC High environments|[Enable and manage access to Whiteboard - GCC High](enable-whiteboard-access-gcc-high.md)|

-| If you're looking for this information: | Go to this resource: |

-[Enable and manage access to Whiteboard - GCC High](enable-whiteboard-access-gcc-high.md)

-[Enable and manage access to Whiteboard - GCC High](enable-whiteboard-access-gcc-high.md)

-[Enable and manage access to Whiteboard](enable-whiteboard-access-organizations.md)

-[Enable and manage access to Whiteboard - GCC High](enable-whiteboard-access-gcc-high.md)

-[Enable and manage access to Whiteboard](enable-whiteboard-access-organizations.md)